“The world is working exactly as designed. And it’s not working very well. Which means we need to do a better job of designing it.” —Mike Monteiro, author of Ruined by Design: How Designers Destroyed the World, and What We Can Do to Fix It
UPDATE THIS TO REFER MORE EXPLICITLY BACK TO PLACEMENTS FROM SECTION IV INTRO MOVE INSIGHTS TO CHAPTER 10
In this chapter, I take on the roles of adversarial designer, social activist and technical strategist, drawing upon:
The objective here is to expand further on the map of the HDR landscape in Figure 8.1 so that we might chart a course towards the desired change. This chapter is solution-focused, and considers the nuts and bolts of how we might begin to tackle those obstacles in pursuit of the HDR objectives [7.7] of data and ecosystem awareness, understanding and negotiability. In the following sections, I present four different ‘flavours’ of HDR reform which I have observed. Each section begins with a diagrammatic representation of that approach as a trajectory of change. These diagrams use a model known as Theories of Change (ToC) which is explained in 9.1 below.
To provide a structure for cataloguing the insights conveyed by this section, I use a Theory of Change (ToC) framing. ToC is a set of methodologies is commonly used by philanthropists, educators and those trying to improve the lives of disadvantaged populations (Brest, 2010). The theories can be used in different ways including planning, participatory design and field evaluation of the effectiveness of new initiatives. There are many different implementations, but common to most of them is a focus on explicitly mapping out desired outcomes (Taplin and Clark, 2012) with a clear focus on who is acting and whether the change being brought about is a change in action, or a change in thinking (Es, Guijt and Vogel, 2015). In this chapter, ToC theory will be used in a very limited way, not as a methodology but simply to provide a visual and structural frame for proposed changes. Using ToC to perform evaluation of the effectiveness of proposed change approaches in action in society would be well beyond the scope of this thesis. Nonetheless, the frame is a useful way to map out the different approaches to changing the world in pursuit of better HDR.
Figure 9.1 illustrates the aspects of ToC thinking that are important when using this frame. Specifically, desired changes can be broken down into:
At the same time, desired changes can be broken down into:
These two splits produce four dimensions of change, and form four quadrants representing different types of change, which are shown in Figure 9.1 and described here:
Key to ToC thinking is the idea that making changes in one quadrant can stimulate change in others; for example, collective learning about data attitudes and practices, such as the research conducted in this PhD (lower left quadrant), could inform the design of new technologies, interfaces or processes (lower right quadrant), which if built could make new structures available to have an impact on improving individual-provider relationships (upper-right quadrant). The changes to those relationships could then in turn lead to individuals thinking and feeling differently (upper left quadrant), for example feeling more empowered or having greater awareness of data practices. The diagram at the start of each of the following four subsections illustrate that approach’s trajectory of change through the ToC quadrants.
The approach to HDR reform presented in this section, and illustrated in Figure 9.2 above, embraces the activist aspect of being a recursive public [7.8], as well as the individualist idea of reconfiguring one’s world [3.1]. This approach focuses on the realities of the current data-centric provider ecosystem, and is focused upon deeply understanding it so that it can be challenged from a grounded position of strength. The approach, which would be applied typically to a single service provider, app or platform (which could also be a public sector service) is fourfold:
I describe this approach as Discovery-Driven Activism. The discovery phase, which aims simply to establish facts about the past or current data practices of the target organisation, can be broad (‘let’s see what we find’, as in the digipower investigation [ARI7.2]), or highly targeted, such as when The Citizens (a non-profit pressure group in the UK who ‘use impact journalism to hold government and big tech to account’ (‘The citizens - about us’, 2020)) used Subject Access Requests to investigate a breach of personal data by the Labour Party in the UK (Colbert, 2022).
Subject Access Requests and Data Portability Requests (Information Commissioner’s Office, 2018) are two of the most powerful tools for this kind of investigation. Freedom of Information Requests have previously been used to obtain otherwise hidden data and information from governments and public sector organisations (BBC News, 2014). Similarly, these new data access rights are beginning to be used to force commercial organisations to release personal data or information about data processing. There are challenges in non-compliance, as discussed in 5.4.2 and 5.5.1, but the ability for the individual to ask very broad or very precisely targeted questions and to be able to threaten a complaint to a Data Protection Authority (backed by a potential fine if their question is not answered) is a significant new power that HDR reformers can exploit.
| INSIGHT 9: Individual GDPR requests can compel companies to change data practices. |
|---|
| In this inset box, I will explain how one person can apply the discovery-driven activist approach to compel a multi-billion-dollar international data-centric organisation to improve their HDR. |
As an avid user for several years of the
music streaming service Spotify, I have built up a large library of
playlists. I was interest to build an app using my listening data, so
made a GDPR request to get a copy of my personal data. When I received
that data, I was disappointed to find it was not suitable for
programmatic use, because the tracks in my listening history were
identified not by any unique identifiers such as
spotify:track:4cOdK2wGLETKBW3PvgPWqT which I could use to
construct clickable song links, just by freeform text strings. Through a
long and complicated saga, explained in detail in ARI9.1, which involved much persistence and sending
over 30 e-mails in an eight-month period, I was ultimately successful in
getting Spotify to improve the format of their GDPR data returns,
not just for me but for all customers who make GDPR requests in
future. I had proven that one individual can use their GDPR
rights to exert power over a corporation, with persistence. |
| A larger scale example of individuals forcing giant corporations to change is seen in the case of Facebook. In the early 2010s, Austrian lawyer Max Schrems began to pressure Facebook to disclose more personal data to their users. He created a tool to enable people to make their own data access requests, which over 40,000 people used. Faced with an overwhelming volume of work and massive liability of future data access requests, Facebook was forced to launch the self-service Download Your Information (DYI) download tool, increasing transparency for all Facebook users worldwide (Solon, 2012). Facebook was forced to increase its transparency further when Paul-Olivier Dehaye (now CEO of Hestia.ai) made a GDPR request (later backed by legal action) to force Facebook to disclose more information about which advertisers Facebook had enabled to target him using the Facebook Custom Audiences feature. Apparently in order to avoid being embarrassed in court, Facebook updated DYI so that every user’s downloaded information includes a list of advertisers who have added you to a Custom Audience (Dehaye, 2017). Dehaye and Schrems both continue to act as HDR reformers and civic hackers following the discovery-driven activism approach, through their organisations Hestia.ai [ARI7.2] and privacy rights organisation noyb.eu (‘none of your business’) (Schrems, 2017) respectively. |
Facebook’s DYI tool, mentioned in the insight above, represents a useful class of tool in the arsenal of the activist HDR reformer. Along with Google Takeout, it is one of number of data download portals that allow users to download their own data. Since GDPR’s introduction in 2018, an increasing number of large online platforms including Facebook, Google, Apple, Netflix, Twitter, Spotify, Uber, Instagram and Strava, faced with the need to reduce the cost impact of GDPR request handling for their large userbases, have developed and augmented online self-service portals available where users can download a copy of their personal data. This has some advantages over Subject Access Requests in that data can usually be obtained within minutes or hours rather than taking up to 30 days, but has some disadvantages in that the data returned is a voluntary offering by the company, that may not cover the data that the individual is seeking and does not provide any ability to ask follow-up questions. This technique was sometimes used as a fallback means to obtain data in Case Study Two, and was used more strategically in the digipower project [ARI7.2], where its merits and limitations are discussed (Bowyer, Pidoux, et al., 2022)
Both access requests and download portals rely on the organisation in question to be transparent, accurate and thorough in their provision of information, but an alternative technique of data flow auditing allows individuals to investigate and collect data on the actual behaviour of a target organisation. This was used effectively in the digipower investigation [ARI7.2]. Using an Android app called TrackerControl (Kollnig, 2021), a service provider’s app can be monitored while the user is using it normally, to see which servers or domains that app is contacting (and one can imply, exchanging data with). Apple has recently introduced an equivalent function on iOS, known as App Activity Reports (Apple, 2022), providing iPhone users with the same ability as part of the phone’s operating system. Both tools have limitations, in that the content of the data exchanges is not known, but can be valuable to verify claims made in privacy policies or GDPR responses. These tools can also generate questions for further investigation, for example by identifying third parties such as data brokers with which the target organisation may be sharing personal data. This technique is described further in (Bowyer, Pidoux, et al., 2022), along with a comparison of the different techniques of data flow auditing, data download portals and data access requests.
In general, what the discovery-driven activism approach highlights is that there is a role for pro-active citizens to play in challenging the power of data-holding organisations by treating those organisations as a subject of investigation, both in research (Walby and Larsen, 2012) and in the pursuit of improving civic society (Schrock, 2016).
Once information has been obtained, the activist HDR reformer can use a variety of means to try to bring about the desired change:
| INSIGHT 10: Collectives can compare and unify their data and use their pooled knowledge to demand change. |
|---|
| Increasingly, the Internet experience that individuals experience is not the same as anyone else’s. Thanks to recommendations, targeted ads and social media feeds personalised to your interests, no two people will see the same digital reality. This means it is very difficult for regulators or individuals to hold digital service providers to account. In recent years, many activists have embraced the power of collectives, and realised that together, they can discover far more than they can alone. |
| An example of this is the WhoTargetsMe project, launched in 2017 (Jeffers and Webb, 2017). The objective of this project was to monitor political advertising in the UK. Recognising (as larger studies have shown (Bakshy, Messing and Adamic, 2015)) that everyone was seeing different advertisements, the goal was to have each individual report what adverts they see on Facebook, so that these can be pooled and compared with others. Over 50,000 people participated, building up an otherwise unavailable picture of the ways in which different political demographics were being targeted. This is a powerful mechanism available to collectives in this space: the ability to have individuals obtain their own datapoints and then compare them. |
| Another example is seen in the Worker Info Exchange (‘Worker info exchange’, 2022), a collective that helps gig economy workers such as Uber drivers and Deliveroo riders to make data requests. Using the pooled data, they conduct investigations to understand algorithmic inequalities and identify unfair treatment of worker by employers. They then help those workers to fight for better working conditions, much like a traditional trade union, but powered by collectively-sourced data. This resulted in Uber being taken to court, and some gains being made for drivers (Lomas, 2021; Foucault-Dumas, 2021). |
| As the aforementioned case with Max Schrems showed [Insight 9], collectives can be particularly powerful when exerting their data access rights en masse, and this can improve HDR and force greater transparency. René Mahieu and Jef Ausloos have published an exhaustive list of collective actions taken using GDPR rights, addressing issues such as discrimination by US colleges, corporate surveillance of climate activists, identifying gaps in data disclosures, and manipulation of users on dating apps (R. Mahieu and Ausloos, 2020). The authors identify that the GDPR provides an architecture of empowerment and have called for better enforcement and for European authorities to provide better support for the ability for collectives to make data access requests together (R. L. P. Mahieu and Ausloos, 2020). Hestia.ai’s digipower investigation [ARI7.2] concluded that data-discovery driven collectives are a vital step on the road to a more digitally empowered society (Pidoux et al., 2022, p. 70). It is clear that organised collectives exploiting data access rights represent a powerful vector for impactful discovery-driven activism. |
Having identified that there is a trajectory where individuals and collectives can obtain data to empower them, it is clear that this complex work can be supported. We see the emergence of what I would call data access & ecosystem understanding services, with entrepreneurs and activist enthusiasts:
Such emergent endeavours, given the support that enables them to flourish, could make other HDR reformers using the discovery-driven activism approach more successful by ensuring that a lack of legal, technical or investigative skill does not become a barrier to any HDR practitioner wanting to use this approach.
This approach shows that there is a role for independent actors and organisations to carry out discovery-driven activism–access requests, complaints, legal challenges, public campaigns and more. Discovery-driven activism can empower individuals and collectives to incrementally work towards building the world of better HDR that this thesis outlines.
The approach to HDR reform presented in this section, depicted in Figure 9.3 above, focuses on the gaps in individual data interaction capability that exist today. The objective here is to design and build proofs of concept for novel human-centric information systems that can deliver people new capabilities over their data. In this approach, the focus is more introspective than Approach 1 [9.2]: it is about how the individual can improve their relationship with data in the context of their own digital life. The bulk of this section describes specific design ideas developed by myself and colleagues at BBC R&D during my 2020-2021 research internship on the Cornmarket project [see note ARI7.4]. As established in Insight 2, one of the most promising models for giving people a new and improved relationship with their data is to create a place where one’s scattered (Abiteboul, André and Kaplan, 2015) personal data can be stored and aggregated in one place (Jones, 2011). Based on Insight 3, that place should offer individuals the means to use their life and ecosystem information as a material they can explore, examine or repurpose as they see fit. This leads to the vision of a Personal Data Store [2.3.4] into which one can unify the data from the different parts of your digital life (as depicted in the AllOfMe vision video (‘AllOfMe.com Teaser Clip’, 2008)), and meet public demand for ‘control over your data’ (Teevan, 2001; Hartman et al., 2020). The Cornmarket R&D project sought to develop a human-centred (i.e. non-commercial) PDS proof of concept, as shown in the conceptual model I developed for the BBC Cornmarket project depicted in Figure 9.4.
The first challenge in designing such as a system is to consider what data will be stored, and what data can be represented as life information [7.5; 7.6.1]. At a high level, I identified a number of different types of data that a user might wish to store in a PDS:
Then, considering the earlier observation by myself (Bowyer, 2011) and proponents of temporal PIM systems [2.2.2] that time can be used as a unifying concept for personal information, I considered how we might represent occurrences within personal data as happenings, anchored against a particular point in time. In effect, this would focus on different properties of the data, much like Karger’s lenses [Karger et al. (2005); 2.2.2].
In modelling data as life information using the concepts shown in Figure 9.5 and Figure 9.6, it is important to come up with as simple a model as possible, so that the life interface is not overwhelmingly complex and unmanageable. Over several iterations, I was able to reduce the modelling of life information in a PDS down to the following four types - activities, interactions, transactions and datapoints [Figure 9.7]. These could correspond to four views or lenses within the user interface.
Having decided upon models for the information within a PDS, it becomes much easier to design visual presentations of that information. Figure 9.8 shows a design mock-up designed by Alex Ballantyne of BBC R&D of some of the views of life information that one could offer within a PDS:
What has been shown in Figure 9.8 is the beginnings of imagining what a life interface might look like, a single holistic interface covering all aspects of one’s digital life.
Previous HCI design work [2.3.1] has focused on, in the first wave, the functionality of the machine; in the second wave, on the common tasks of a work environment; and in the third wave, on classes of users and the commonalities of experiences in everyday life. But the challenge designers of life interfaces face is even more difficult. As Lindley noted, no single arrangement of information will suffice because in the same context two people may have different needs [Lindley et al. (2018); 2.2.2]. Because of the subjectivity principles [Bergman, Beyth-Marom and Nachmias (2003); 2.2.2], we are now faced with the need to build an interface that is suited to the individual, even though every individual has different needs. The design requirements for the interface are likely unique to the individual. Therefore, any life interface design must be able support different mental models - and as the life sketching exercise [Figure 5.2] in Case Study Two showed, people have many different ways of compartmentalising their life.
During a life interface design hack week at BBC R&D, colleague Jasmine Cox and I explored this problem. We considered that a key element of the interface design would need to be the versatility to partition one’s life in different ways according to your own worldview, and then to be able to assign different collections of life information to the different partitions. As a visual illustration of one possible mental model for life partitioning, consider Figure 9.9, where, based on an idea I had had years earlier, I modified a Cluedo™ board to represent the ‘rooms of your digital life’:
We also imagined other mental models, such as partitioning your life according to parts of the body (heart for relationships, body for fitness, brain for current projects, etc.) or a landscape with forest, lake and buildings representing different aspects of your life.
Whichever visual metaphor is chosen, the important thing is the functionality–being able to use these partitions to filter [2.1.4] your life information and focus on a particular perspective [Lansdale and Edmonds (1992); Krishnan and Jones (2005); 2.2.2]. Deciding to focus on a particular aspect of one’s life is analogous to fixing a conceptual anchor [Teevan (2001); 2.2.2].
We then produced a mock-up app workflow for assigning different elements of your life (such as people, places or topics) to different partitions of your life, and viewing a visualisation of those different partitions in some subjectively meaningful form before filtering on a particular life partition and then being presented with a timeline [2.2.2] of life information pieces associated with that part of life. This is illustrated in Figure 9.10, with artwork by Jasmine Cox:
During a Cornmarket hack week, I coded a proof of concept: a functional prototype entity extractor, which is detailed in ARI7.1 and shown in Figure ARI7.1.
| INSIGHT 11: Automating the Identification of Entities can enhance Machine Understanding and Unburden Life Interface Users. |
|---|
| Having identified the need to assign every piece of a user’s life information to a particular partition (or multiple partitions) of their life, it quickly becomes apparent that this would be too much work for the user to do alone. Systems that use manual categorisation and tagging to classify information work best with a large userbase to contribute effort to the classification operation (Golder and Huberman, 2006). As part of the explorations of PDS approaches at BBC R&D, I therefore also examined how this challenge might be addressed (considering also that effort could be a deterrent to adoption [Objective 5 [8.5]]). I identified an approach that could help with this problem: If the entities (for example, a person, a place, an event or a topic) associated with a piece of data can be programmatically identified, then a lot of the assignment of data to life partitions can be handled automatically. For example, association with your office location would indicate that any data associated to that location is likely to relate to the ‘work’ part of your life, and this could be done automatically, reducing the effort for the PDS user. The process of identifying entities within data, known as entity extraction or named entity recognition (NER) is a well-established technique, which relies on the trained recognition of proper nouns and keywords combined with the statistical analysis of sentence grammar (Marshall, 2019). This technique is used extensively in text-mining products within the Content Analytics industry such as those produced by my former employer, OpenText (formerly nStein) (‘What is text mining and content analytics?’, 2022). However, in the context of a PDS, I propose that new techniques can be applied, making use of the data touchpoints into different parts of an individual’s life to identify entities relevant to them personally (including, for example, names of friends or private projects that a standard NER solution would not detect). Data is full of references to entities that have personal relevance in your life. Finding these allows meaningful metadata to be attached to each datapoint. Figure 9.11 shows how a large number of entities could be detected from different parts of an individual’s data once it has been imported into a PDS environment: |
| (continues…) |
|---|
| This sort of approach could be quite powerful in reducing the effort for life interface users. By scanning the data, the most prevalent entities could be identified, and the user need only assign the entities to different parts of their life, as illustrated in the first two frames of Figure 9.10. This would then allow hundreds of associated data points which had been programmatically associated to that entity, to be assigned to the correct ‘bucket’ or life partition. I was able to prototype this technique successfully to prove the concept [ARI7.1]. |
| While such an approach would not be perfect, and there would need to be some corrections made by the user, this is far preferable to them having to provide all the classifications and is likely to motivate greater engagement. I have observed in user experience design and consideration of productivity systems that users are more motivated to correct errors, than to fill in a blank page. |
| Philosophically, we are moving here towards a learning system, a system that can be told when it is right and when it is wrong, and get better at classifying things correctly, analogous to the way an executive might train an assistant to anticipate his/her needs better, a sort of digital life assistant (Bowyer, 2018a). Bayesian classification techniques could also be used to help with the learning here (Authors, 2022). This approach is also useful for ecosystem detection–as outlined in Insight 4–as identification of relationships with external entities is a key first step to mapping a user’s ecosystem. |
Insight 11 offers a practical, theory-informed approach as to how we might start to build systems that are more able to understand the meaning of human information [Insight 8]. This is a technique that is already being used by corporations. For example, Facebook has developed an internal system called world2vec, shown in Figure 9.12, through which it mines information about the world from the data that people generate through social media posts, messages and interactions. This information is exploited for commercial benefit. It is about time similar techniques were used for individual benefit and personal data empowerment.
Automatic ‘best guess’ attempts to arrange personal data in a PDS can go further than just association of related entities. In many cases, it is possible to programmatically determine the nature of a piece of data. Figure 9.13 shows a detailed approach for identifying and classifying data automatically in a PDS, drawing on the previously identified data types in Figure 9.5, the data attributes in Figure 9.15, and the entities identified in Figure 9.11. In Figure 9.14, a more abstracted approach is shown looking at how data could be classified according to the four different life information concepts in Figure 9.7.
Moving beyond the initial challenge of classifying and arranging human information within a life interface, a core consideration in designing such an interface is to consider what capabilities the user might be given over the pieces of life information represented in the interface. It is through the provision of a wide range of useful operations upon information items that the information will start to feel like a material as described in Insight 3 and deliver the new capabilities needed for success Insight 7.
There are two ways to consider this problem - one starting with the data, and another starting with the user.
Starting with the data, and considering the different types of data that a user might be able to gather from a across their digital life, I identified that each datapoint or dataset is likely to have properties which determine what can be done with it. A number of possibilities are shown in Figure 9.15:
These attributes could then be used to determine which datapoints would be eligible for inclusion in different views (or lenses (Karger et al., 2005)) of the data, such as tables, graphs, maps, lists, media thumbnail views, etc.
If we consider capabilities from the user’s perspective, it is useful to recognise that visualisations alone (such as those in Figure 9.8) are not sufficient to meet the need for either interrogability or malleability [8.2]. To address the need for malleability, we need to determine what actions an individual might want to perform on a piece of life information. To explore this design question, we can draw on multiple sources of inspiration:
Having developed a large set of initial design ideas for possible actions, I worked with my BBC colleague Chris Gameson to distil this information design thinking into a 12 data card designs that could encapsulate some of the most common actions a user might want to perform upon personal data in a PDS. These are shown in Figure 9.16. These had a similar purpose to the cards in my pilot study [1.3.1] and Case Study One [4.2.1], acting as ‘things to think with’ (Bowyer et al., 2018).
As identified in chapter 5 [5.3.3; 5.4.2] and explored further in 6.1.3, being able to ask questions of data is important to individuals. Addressing this need for interrogability in a similar approach, we produced 10 data card designs to encapsulate some of the different common questions that users might want to ask of their data, as shown in Figure 9.17.
These actions and questions act as a design building blocks, a precursor that can inform the design of features for a life interface that could provide the user with new capabilities to interrogate and manipulate the data in a much more interactive way. The cards were refined and subsequently used in a Cornmarket BBC research engagement with young adults.
Once information has been correctly identified semantically (using approaches such as those in Figure 9.13 and Figure 9.14), and associated to entities, it then becomes possible to enrich users’ search and browse capabilities by enabling the use of facets (Televiciute, 2020) to allow users to precisely target a set of data points or a particular data item. An example of how this could be done is shown in Figure 9.18, another design artefact from my work at BBC R&D. This is not a user interface mock-up but rather a three-stage strategy, with examples, for the different types of facets that one could offer a user to help them explore their data in powerful ways:
This final element of Approach 2, unlike the previous subsections, has a broader focus than just the creation of an effective life interface, because it has sociotechnical/business process design implications too. It aims to address the problem identified in 8.4–the intractable data self. Drawing upon the philosophy behind VRM [2.3.4], we can imagine (as implied by both Case Studies [4.3.3; 5.5.2]) that were individuals able to create or contribute to the digital representation of themselves in data, that this would be more accurate. Furthermore, this would provide an opportunity to address the identified want for involvement [6.2.3]. In the BBC Cornmarket project, this was explored through the concept of profile-based recommendations. Functional interfaces were built which allowed users to construct and edit a representation of their own musical/media tastes known as a ‘media profile’, using personal data such as viewing/listening history imported from multiple sources as inputs. This profile would then be used to recommend new content, which would be likely to be better suited to the individual’s tastes since it would be based on a more accurate representation of self. This aspect of the Cornmarket project (Orphanides, 2021) is not only a practical manifestation of the ideas of pull-centric/VRM approaches, but is also illustrative of a new way of thinking about personal data, where it can be directly generated (or edited/fixed) by the individual, rather than just asserted on inferred by the service provider without verification.
Such thinking could be expanded further to accommodate the idea that data is not static. Once we make the mindset shift from data as a static bundle of facts to data as an ever-changing flow or stream [2.2.5; 4.3.3; 6.2.2], it becomes much easier to think about how processes and interfaces might be updated to give users a direct role in the evolution and shaping of that data. This also makes it easier to maintain knowledge of data’s provenance [Insight 5]. Such inclusive data flows and processes could yield benefits for users in terms of increased ecosystem negotiability [Objective 4 [8.4]], but also for businesses, as Approach 4 [9.5] explores.
The future-centric designs and insights3 I have presented as part of Approach 2 show that while developing interfaces and processes for a better HDR future is a challenging design problem (due to the variety in individuals’ mental models and the breadth of data across an individual’s digital life), it is certainly possible to tackle these challenges. It is likely that the reasons that few have ventured into this space are largely due to the lack of an obvious business model or incentive rather than any question of the merits of these approaches. It is possible to empower individuals with new capabilities over the life and ecosystem information encoded within their data, and even to design new data interaction approaches that give users an ongoing role in the curation of that data, and HDR reformers can help make a world of better HDR a reality by building, or investing, in the building of life-centric technologies and processes.
While Approach 2 [9.3] focuses on designing a better future, and Approach 1 [9.2] focuses on identifying and campaigning for positive changes in provider practices, there is a need for a more direct approach to tackle an urgent and evident problem head on: the active diminishing of users’ agency [8.4]. In pursuit of mass market appeal and cost reduction, there is a trend towards the dumbing down of technology, which invariably leads to fewer features and less agency. Increasingly, companies encourage users to think of technology as a black box, which you cannot and should not look inside, as depicted in Figure 9.20, and discourage users from varying their usage, digging deeper or challenging the normal way of using a product:
This disempowering trend is seen across hardware, software and service industries, where providers attempt to restrict the ways in which technology can be used even after it has been purchased, for example:
Apple, for example, encourages users to consider technology as magical, rather than as tools to be harnessed and understood. This approach is highly problematic for user agency:
“Magical design prioritises pleasing and surprising a passive user who can only use the solution as authorised.”—Cristiano Storni (Storni, 2014)
In order to challenge this trend towards disempowered, compliant users and protect individual autonomy as well as our ability to make sound judgements and hold organisations to account, direct activism and grassroots civic action is called for. This forms the core objective of this approach, which is represented in Figure 9.19 above: to identify ways in which agency is being diminished, and to find ways to circumvent the new barriers in order to maintain existing levels of capability.
It is bad enough when a particular technology blocks you from doing what you want to do, but the trend is even worse when viewed at a broader level: As the digipower investigation highlighted [Insight 6], the information landscape that we inhabit as digital citizens is being manipulated to change what we see, what we understand of the world, and what we can do, in order to manipulate our behaviour, which can have harmful effects on democracy, agency and individual autonomy. Therefore a further goal here is to protect our ability to experience unbiased and unmanipulated information landscapes. A recent US Congress investigation shows how the big five use their dominant positions as device manufacturers, search engines or major Internet platforms to promote their own interests (Sisco, 2022). In a paper looking at the growing manipulation of search results, Shah and Bender consider how this landscape could be protected and accountability preserved. They describe their approach as establishing ‘guardrails for the status quo’, and I find this phrase to be an excellent summary of what Approach 3 is trying to do (Shah and Bender, 2022). At the time of concluding this thesis, August 2022, this issue of the unreliability of the social media landscape has again come to public attention, as former Twitter head of security Peiter ‘Mudge’ Zatko revealed his grave concerns for the security of our information infrastructure and landscape:
“Your whole perception of the world is made from what you are seeing, reading and consuming online, and if you don’t have an understanding of what’s real and what’s not, that is pretty scary.”—O’Sullivan, Duffy and Fung (2022)
We can also take this idea further through the idea of adversarial design (DiSalvo, 2012) which advocated using design processes to challenge the status quo. To understand how to gain traction here and carry out design after design (Storni, 2014), it is important to understand the concept of seams, how they can be exploited, and the risks of losing them. This concept is explained in Insight 12.
| INSIGHT 12: The ‘Seams’ of Digital Services need to be Identified, Exploited and Protected. |
|---|
| As identified in 8.4.1, product design (be it hardware or software) is political. Designers pass some power to the user through their design, but also, users should be able to take some power on their own terms. This is the case made by Cristiano Storni in his 2014 paper on the politics of seams, Cristiano Storni identified the idea of empowerment-in-use which advocates the idea that people need to appropriate their technologies to different uses that the designers may not have foreseen (Storni, 2014). This is blocked by current black box, limit-what-the-user-can-do thinking. Central to this capability is the concept of seams - those exposed areas which the user is free to change. This concept was proposed by Mark Weiser and developed by Chalmers and others (Weiser, 1994; Weiser and Brown, 1997; Chalmers, MacColl and Bell, 2003). Changes such as closures of APIs or removal of ports [8.4.2] can be seem as the removal of seams. As Storni highlights, the availability of design seams is a critical determiner of user power. Companies gain power and reduce agency when they remove or restrict activity at seams. It follows that by identifying, exploiting and protecting the seams of digital services and devices, user autonomy and the viability of data-unification efforts can be protected. |
| An unseen battle is for the free flow of information is underway at the seams of today’s digital products. |
| Hackers, civic activists and makers seek to repurpose and exploit the edges of products for their own means, while digital service providers and platforms try to block such activity. For example: |
| - A successful tool called Findings allowed people to clip and share their favourite quotes from Kindle books. Amazon blocked and banned this tool, and the company shut down (Owen, 2012; Maldre, 2012). |
| - Louis Barclay created a tool called Unfollow Everything, which allowed Facebook users to automatically unfollow all friends and pages, in order to give them greater control of their News Feed reading experience and avoid being manipulated into reading more than they want to. He was banned for life from Facebook and threatened with legal action should he ever build any tools that manipulated the Facebook experience (Barclay, 2021). |
| - Various activist groups have for several years been fighting to give individuals the legal right to repair their own products (Miller, 2021), which has often been blocked through planned obsolence, inaccessible seams or restricting access to parts. The problem has been described as device tenancy, the idea that our relationship with our technology products is more like a tenant, where a landlord retains overall control and permits us to perform certain activities (Tufecki, 2019). New laws have been introduced in the EU (Tett, 2022), forcing companies to support individuals to repair their devices. Apple has subsequently released self-service repair kits, though these themselves force parts to be paired with particular phones, limiting the utility of self-repair (Moore-Colyer, 2022). |
| - As detailed in my co-authored paper with Louis Goffe and colleagues (Goffe et al., 2021, 2022), web extensions and web augmentation offer a powerful technique for modifying web experiences and repurposing user interfaces. This is because once a website is loaded into your browser, it is no longer under the control of the remote site, and by creating a web extension to run code within your local web browser that loaded website can be edited, scraped (P., 2021), or otherwise repurposed. This has been successfully used to stop clickbait, dispute fake news, combat addiction, filter explicit words and more. However, in order to re-assert control over these customisations, Google has announced changes to the way Chrome extensions will work, which could ‘stifle innovation’ and limit what developers can do within the web extension (Miagkov, Gillula and Cyphers, 2019). |
| - An example from 2016 shows how seams can be exploited to obtain information and increase transparency. By brute force querying of a Facebook API, researchers were able to identify a complete list of 282,000 interests on Facebook and identify the relative popularity of each interest. (Havlak and Abelson, 2016). |
| - A number of HDR reformers, myself included, had identified a new seam for subverting some of Facebook’s control over how its content is consumed [8.4]: accessibility tags or ARIA tags (Various Authors, 2022). These are specially marked-up tags in HTML web pages used by screenreaders to display or read content in a more accessible way for partially-sighted or blind people. Because these show page content in a standard format (whereas the HTML of most web pages varies widely and often changes), they present a reliable way to more easily scrape content from the loaded web page within a web extension. In experiments at Open Lab, posts were successfully scraped from friends’ feeds (which Facebook do not make available anywhere except the News Feed) so that they could be consumed separately in a more human-focused user experience. This technique has been used successfully to monitor Facebook ads by NYU’s Ad Observatory (Watzman, 2021), and was used by WhoTargetsMe [Insight 10]. In 2021, Facebook was found to have deliberately obfuscated content within ARIA tags to prevent such investigations, resulting in visually impaired users being unable to differentiate ads from posts, and hearing junk characters read aloud. This can be taken as an adversarial stance against researchers, activists and HDR reformers, and shows that companies like Facebook will go to extraordinary lengths to assert their dominance and reduce user agency (Faife, 2021). |
| - One reason why many companies and services have produced apps is because these are much more locked-down and controllable than the web browser environment; there are fewer seams. However, adopting the same philosophy as using web extensions to modify web-based experiences, and drawing on data flow auditing technologies like TrackerControl [9.3] researchers at Oxford University have now developed techniques by which mobile apps can be reverse-engineered and modified to change user experiences to better meet users’ needs, offering the promise of a right to fair programs (Kollnig, Datta and Kleek, 2021). |
| These examples make it quite clear that Storni was right: product seams are the place where control can be asserted or regained. They are the setting for an ongoing battle for the freedom and integrity of today’s information landscape, and it is important for HDR reform that this space is specifically targeted. The role of the HDR reformer here is twofold: |
| 1) To surface information injustices, especially the closures of seams. |
| 2) To push or ‘hack’ the seams to gain transparency and re-assert control, including gaining access to otherwise inaccessible data and to acquire new functionality. |
| In this context, the work of whistleblowers such as Frances Haugen (Horwitz et al., 2021) and Edward Snowden (Macaskill et al., 2013) is particularly validated and important. Whistleblowers can expose internal practices that harm the information landscape’s integrity that are not otherwise visible. In order to hold online platforms to account, the public must be aware and able to attribute any restriction in freedom or information access to the correct source. They need to know that the information or functionality is being modified or restricted. These ideas are explored further in (Bowyer, 2017). Seams should be much more in the public consciousness than they are. |
The reason that seams are so important, is that because they are a point of friction, a point of resistance to the idea that data should be separable from services [Objective 5 [8.5]]. One of the goals of HDR, and particularly this approach, is to wrest control of data away from service providers, so that it can be truly free-flowing, as I envision in (Bowyer, 2018b). In this approach, I have identified some of the key avenues for progressing this goal–through web extensions, accessibility tags, API exploitation and reverse engineering. But in the face of such extreme power, it appears that such grassroots advocacy will not be enough. For example, web extensions are a powerful approach but are limited in that only those power users who install the extension will gain the benefits. They do not directly help the layperson with their diminishing agency. Therefore, as outlined in [5.5.1], HDR reformers must also work to educate and persuade policymakers of the need for change. As an example of this, in my Case Study Two paper (Bowyer, Holt, et al., 2022) I called for better guidelines from the EU towards data holders. The European Data Protection Board launched a public consultation on a new set of guidelines they had constructed around GDPR (European Data Protection Board, 2022a) and I contributed a detailed set of recommendations to that consultation, emphasising some of the important insights I have identified in this thesis, including a focus on human information, delivering ongoing understanding, establishing standards, and viewing data as an ongoing flow over time (Bowyer, 2022). This sort of engagement by HDR reformers can help shape future policies and guidance, contributing expertise to help the civil servants making those rules. As HDR reformers, we must continue to push for better regulation. It is the only force that can significantly change data-holding organisations’ practices. Better regulation is needed not only to help individual user autonomy, but to combat online extremism (Arthur, 2017). In this context, it is important to note that the European Union is–at the time of writing in summer 2022–developing a wide range of new laws that could help to improve the agency of individuals and the integrity of the information landscape:
It is too early to evaluate exactly what the impact of these laws will be, but HDR reformers should observe them carefully. They will almost certainly play as pivotal a role in protecting the information landscape as the GDPR has in opening up data access to individuals.
In this approach, I have highlighted how important it is for HDR reformers to seize and harness the powers we are given, and fight to hold onto them. Groups of HDR reformers can combine development skills, innovation and disruptive design approaches to find and publicise new ways to circumvent providers’ efforts to control and limit users’ agency, and policymakers can prevent further erosion of individual agency through legislation and enforcement over the information landscape. As the popularised adage (based on the words of John Philpot Curran and Thomas Jefferson) goes, ‘The price of freedom is eternal vigilance’.
Approach 1, the investigative activist approach [9.2], and Approach 3, the digital freedom fighter approach [9.4], can help with users’ ecosystem understanding [Objective 3 [8.3]] and ecosystem negotiability [Objective 4 [8.4]]. Meanwhile, Approach 2, the disruptive interaction designer approach [9.3], can help with user’s direct understanding [Objective 1 [8.1]] and capabilities [Objective 2] over their data. But what of Objective 5 [8.5]? These approaches may not have sufficient impact until and unless the goals of HDR reform become widely accepted among business leaders, citizens, journalists and politicians. And for that to be truly accepted, better HDR must be proven to work.
The call for better Human Data Relations is a call for a radical reconfiguration of today’s data world. As [Objective 5 [8.5]] outlines, where new systems are needed, system builders must invest in and see the value of HDR ideals (not just to individuals but to their organisations). Where new policies are needed, politicians must be persuaded that HDR’s ideals are worthwhile and have public support. And most importantly for any change to occur, there must be a demand for change, and an engagement and appreciation of new HDR approaches once they become available. These are the goals of Approach 4, as illustrated in Figure 9.21 above.
Therefore, there is a complementary parallel trajectory of HDR reformer effort that is needed if the disruptive potential of HDR is to be realised. Across society, we must find ways to demonstrate, persuade and prove the value of better HDR. Collectively, we could call this motivational work in support of HDR reform. I have identified three aspects to this motivational work, which are explored below:
Interactions with participants in the pilot study [1.3.1]], Case Study One and Two have shown me that people do not feel comfortable and confident when it comes to matters of accessing and using their own data. This impression is empirically sound: A research study which surveyed over 1,500 members of the public about attitudes to personal data conducted at BBC R&D in early 2021 highlighted a lack of understanding and confidence around personal data as one of four key findings. Other key takeaways from this research included feelings of helplessness and needing to know the basics (Sharp, 2021). A major part of any effort to overcome the lack of demand for HDR described in 8.5 therefore must begin with educating people about data–and more specifically, to educate people about data, life information [7.6.1], and personal data ecosystems [2.3.4; 7.6.2] from a human-centric, forward-looking HDR reform perspective.
Data literacy is already a strong education and skills focus area across public and private sector, for both children and adults. However, I identify some inadequacy in this concept when viewed through an HDR lens. Given the broad and varying perspectives of data [2.1.1], there are also varying ideas about what data literacy is. To some, data literacy is about the technical skills of number crunching, spreadsheets and data analysis (Precisely Editor, 2022). To others, it is a more high-level ability to read, understand and argue with data, and to exercise critical thinking or identify bias (Knight, 2016). A third perspective is that of technical prowess, as outlined by Gurstein as one of the needs for effective data access–the literal ability to interpret and visualise the information within your data (Gurstein, 2011). While all of these are clearly important aspects, something broader is needed to encompass HDR literacy. This would additionally encompass such as aspects as:
These skills should become part of school curricula, but also need to be taught to adults both in the private and public sector–both in their roles as citizens as well as in their roles within the organisations they work for.
As examples of the sort of educational work that can be beneficial, we need to look at organisations whose remit includes the delivery of education and training. For example:
To support this approach and reach wider audiences, efforts such as those of BBC R&D and Hestia.ai need to be invested in, replicated, scaled up and offered to all age groups and all levels of society. This shows that there is a second, perhaps more significant, reason to support the growth of data access & ecosystem understanding services in addition to the investigative angle in Approach 1, namely to raise HDR literacy across society.
There are two aspects to the motivational problem of generating demand. One is motivating the end users - for which I have shown an approach running through Insight 7 and Approach 2 [9.3]. The other, perhaps more challenging, is to demonstrate that the radical new approaches of HDR reform, while they will entail significant changes and new work, will be worthwhile for businesses and organisations. Some of the challenges of shifting to more inclusive and more human-centric ways of operating are explored in Case Study One [4.4.3]. In the following insight, we consider the ways in which HDR reform such as shared data stewardship [4.2.4], inclusive data flows and individually-sourced data [9.3] might be beneficial to businesses.
| INSIGHT 13: It is Possible (and Necessary) to Demonstrate Business Benefits of Transparency and Human-centricity |
|---|
| As outlined in 8.5 and in this section, it is essential that work is done to persuade data-holding organisations of the benefits of moving towards the new paradigms outlined in this thesis. The following avenues for possible future research and advocacy toward data holding organisations have been identified: |
| - Trust & Reputation: In line with the third public relations-like aspect of HDR [7.3] as well as the recommendations in 4.3.4, 4.4.1, 5.5.2 and 6.2.1, displaying a more inclusive, open and supportive attitude to data handling could strengthen the service relationship and increase customer loyalty and trust. Organisations that are seen to have good Human Data Relations are preferred. |
| - Consent: In the wake of the GDPR, ensuring consent is becoming an increasing concern to organisations, and the risks of legal consequences for mistakes are high. It makes sense that a more dynamic [Bowyer et al. (2018); 4.4.1; 5.5.2; 6.2.2] consent approach that involves individuals [6.2.3] and keeps them in the loop would enable them to speak up much earlier and express consent wishes that might otherwise go undetected. |
| - Accuracy: The best-placed person to spot errors in data’s accuracy or fairness is the individual about whom the data is concerned. Therefore, increasing their involvement is likely to improve the quality of the data, especially if additional data is contributed or curated by the service user [4.3.3, 6.2.3] |
| - Liability: In an increasingly litigious society, storage of personal data, especially health or financial data, is a significant liability for businesses, especially if something goes wrong. Investment in human-centred personal ecosystems would outsource the storage of sensitive data to data trusts or PDS providers, reducing liability for the service business. By ensuring that data is accessed only in ways that are centralised outside of the business and remaining in the user’s control—such as PDS company digi.me’s Private Sharing model (digi.me, 2019; Bowyer, 2020)—organisations can ensure that have negligible risk of mishandling customer data. |
| - Better Customer Targeting The most radical, but perhaps the most persuasive, business model relating to better HDR, is the VRM approach [2.3.4], where individuals express their own service or product desires explicitly, which vendors then respond to. This turns traditional models inside out, and would empower users more, but due to the inherently improved accuracy of a self-declared interest, might also give businesses a greater confidence that their investment in converting those customers to a sale would be worthwhile. It is important to remember that the current drive towards collecting more data that drives the platformisation trend is in order to improve ad targeting, so that businesses can get a better return on their investment. A VRM approach, or any other approach where the individual contributes improved data to their data self, is in line with that current business objective. |
This section has identified the areas which need to be evaluated and explored through research or entrepreneurial investment, in order to produce data that could persuade businesses to adopt reformed HDR approaches to data handling and service user interaction.
The third aspect of the motivational work in Approach 4 is that work must be done not just to create new systems and technologies that meet the HDR objectives [7.7], but to prove that human-centric HDR approaches work. This involves both developing functional technical proofs of concept to test HDR design concepts such as those in Approach 2 [9.3] in practice, as well as starting businesses which can explore new business models to discover which forms of value in the PDE / HDR space can be sufficient to drive the space and its players–which after all will be the engines of change in pursuing HDR–forward.
As an example, development work I undertook with Stuart Wheater as part of my role in the SILVER project (Connected Health Cities, 2017) was successful in building a working system to extract citizens’ health data from EMIS, the medical system used by NHS GPs, and make it available as understandable and explorable timeline-based information that could be understood by support workers, drawing on the ideas of temporal PIM systems 2.2.2. The system was extremely difficult to construct due the closed and insular nature of the different parts of the health and social care sector [8.5.2], resistance to change, and the fragmented nature of public sector systems (Pollock, 2011). Nonetheless, it was successfully trialled with support workers (using test data) and received positive feedback. It proved that silos can be broken down and life information presented in new ways. A screenshot of the interface I developed is shown in Figure 9.22, and example videos have been published online (Bowyer and Wheater, 2017).
Across the MyData and PDE / HDR space, many small businesses have been established which have demonstrated successes in different elements of pursuing the visions of MyData and HDR. For example:
Looking at Approach 4 as a whole, this section has shown that pursuing HDR is not purely a data interaction design problem, nor solely a political problem, nor solely a technical problem. It is all of these, but also, ultimately, even though research can be done in non-profit settings, HDR remains a business problem. In our capitalist society it is essential to find a path to better HDR that companies can get behind. And this approach too has shown that motivation and education go hand-in-hand with all of the above. It is not enough to build new systems. It is necessary to catalyse a cycle of constant feedback, of data-enabled design and action research or iterative software and business model development–finding what works, championing it, communicating it and selling it.
This chapter examined the expanded research question [7.1] of how better Human Data Relations might be achieved in practice. Through detailed practical examples drawn from the peripheral research settings [7.2] and elsewhere, and building upon the 13 [Insights] introduced throughout Chapters 8 and 9, I have illustrated and described four distinct trajectories for improving HDR. These provide practical strategies for HDR reform that could bring about better HDR.
The common elements of these four approaches are summarised in abstract in Figure 9.23 above, which is best understood with reference to Figure 9.1). These common elements are positioned in the four ToC quadrants:
Taken together, these multi-pronged efforts show how HDR could be improved in practice, even despite the identified obstacles. The HDR Index included at the back of this thesis provides a convenient way for future researchers, innovators, activities and other HDR reformers to quickly locate insights and designs of value within this the thesis, so that others can build on this research to pursue improved Human Data Relations.
Those who wish to pursue these approaches need not be technical or experts. The HDR reform agenda, and in particular these four approaches, can be supported or pursued in many different ways, which may appeal to different readers:
This concludes Part Two of the thesis. In the next and final chapter [Chapter 10], I reflect upon the legacy and contributions of the whole thesis.
good
Diagram used here unchanged from Hivos ToC Guidelines (Es, Guijt and Vogel, 2015, p. 90) under a CC-BY-NC-SA 3.0 license, whose authors state that this diagram was adapted from earlier work by Wilber (1996), Keystone (2008) and Retolaza (2010, 2012).↩︎
Cluedo board design is a copyright of Hasbro, Inc., fair use applies.↩︎
The research and design work and insights from my time with BBC R&D’s Cornmarket project are documented in more detail in the external publications detailed in 1.3.4.↩︎